Journal articles on the topic 'Personally-Identifiable information protection'
To see the other types of publications on this topic, follow the link: Personally-Identifiable information protection.
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the top 50 journal articles for your research on the topic 'Personally-Identifiable information protection.'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Browse journal articles on a wide variety of disciplines and organise your bibliography correctly.
1
Liu, Deliang. "The Protection of Personally Identifiable Information." SCRIPT-ed 4, no. 4 (December 15, 2007): 389–406. http://dx.doi.org/10.2966/scrip.040407.389.
2
Fugkeaw, Somchart, and Pattavee Sanchol. "Enabling Efficient Personally Identifiable Information Detection with Automatic Consent Discovery." ECTI Transactions on Computer and Information Technology (ECTI-CIT) 17, no. 2 (June 8, 2023): 245–54. http://dx.doi.org/10.37936/ecti-cit.2023172.252270.
Abstract:
Personal data leakage prevention has now become a critical issue for implementing data management and sharing in many industries. Several data privacy regulations such as General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPPA), California Consumer Privacy Act (CCPA), and Thailand's Personal Data Protection Act (PDPA) have been issued to enforce organizations to collect, process, and transfer personally identifiable information (PII) securely. In this paper, we propose a design and development of PII RapidDiscover, an efficient Thai and English PII discovery system featured with automatic consent discovery. At the core of our proposed system, we introduce the PII scanning algorithm based on the Presidio library and a natural language processing (NLP) technique to improve the scan result of PII written in Thai and English. Finally, we conducted the experiments to demonstrate the efficiency of our proposed system.
3
Onik, Md Mehedi Hassan, Chul-Soo Kim, Nam-Yong Lee, and Jinhong Yang. "Privacy-aware blockchain for personal data sharing and tracking." Open Computer Science 9, no. 1 (April 15, 2019): 80–91. http://dx.doi.org/10.1515/comp-2019-0005.
Abstract:
AbstractSecure data distribution is critical for data accountability. Surveillance caused privacy breaching incidents have already questioned existing personal data collection techniques. Organizations assemble a huge amount of personally identifiable information (PII) for data-driven market analysis and prediction. However, the limitation of data tracking tools restricts the detection of exact data breaching points. Blockchain technology, an ‘immutable’ distributed ledger, can be leveraged to establish a transparent data auditing platform. However, Art. 42 and Art. 25 of general data protection regulation (GDPR) demands ‘right to forget’ and ‘right to erase’ of personal information, which goes against the immutability of blockchain technology. This paper proposes a GDPR complied decentralized and trusted PII sharing and tracking scheme. Proposed blockchain based personally identifiable information management system (BcPIIMS) demonstrates data movement among GDPR entities (user, controller and processor). Considering GDPR limitations, BcPIIMS used off-the-chain data storing architecture. A prototype was created to validate the proposed architecture using multichain. The use of off-the-chain storage reduces individual block size. Additionally, private blockchain also limits personal data leaking by collecting fast approval from restricted peers. This study presents personal data sharing, deleting, modifying and tracking features to verify the privacy of proposed blockchain based personally identifiable information management system.
4
Posey, Clay, Uzma Raja, Robert E. Crossler, and A. J. Burns. "Taking stock of organisations’ protection of privacy: categorising and assessing threats to personally identifiable information in the USA." European Journal of Information Systems 26, no. 6 (November 2017): 585–604. http://dx.doi.org/10.1057/s41303-017-0065-y.
5
Bomba, David, and George Hallit. "Will the new Australian Health Privacy Law provide adequate protection?" Australian Health Review 25, no. 3 (2002): 141. http://dx.doi.org/10.1071/ah020141a.
Abstract:
Amendments to the original Privacy Act (1988) come at a key point in time, as a national medical record system looms on the Australian horizon. Changes to The Privacy Act have the potential to define a level of information privacy prior to the implementation of such a system. We have therefore collected expert opinions on the ability of the Health Privacy Guidelines(enacted in December 2001 under The Privacy Act and hereafter more specifically known as Health Privacy Legislation) to ensure the privacy and security of patient information. We conclude that the legislation is flawed in its capacity to withstand an increasingly corporatised health sector. Deficiencies in consent requirements, together with feeble enforcement capabilities, mean The Legislation cannot effectively ensure that personally identifiable information will not end up in corporate third party hands. To significantly bolster the new legislation, we argue that it should be supplemented with explicit health data legislation and privacy auditing.
6
Mavridis, Ioannis. "Deploying Privacy Improved RBAC in Web Information Systems." International Journal of Information Technologies and Systems Approach 4, no. 2 (July 2011): 70–87. http://dx.doi.org/10.4018/jitsa.2011070105.
Abstract:
Access control technology holds a central role in achieving trustworthy management of personally identifiable information in modern information systems. In this article, a privacy-sensitive model that extends Role-Based Access Control (RBAC) to provide privacy protection through fine-grained and just-in-time access control in Web information systems is proposed. Moreover, easy and effective mapping of corresponding components is recognized as an important factor for succeeding in matching security and privacy objectives. Such a process is proposed to be accomplished by capturing and modeling privacy requirements in the early stages of information system development. Therefore, a methodology for deploying the mechanisms of an access control system conforming to the proposed Privacy Improved Role-Based Access Control (PIRBAC) model is presented. To illustrate the application of the proposed methodology, an application example in the healthcare domain is described.
7
Ellis, Donna A. "A case history in architectural acoustics: Security, acoustics, the protection of personally identifiable information (PII), and accessibility for the disabled." Journal of the Acoustical Society of America 136, no. 4 (October 2014): 2182. http://dx.doi.org/10.1121/1.4899907.
8
Cruz, Bruno Silveira, and Murillo de Oliveira Dias. "Does digital privacy really exist? When the consumer is the product." Asian Journal of Economics and Business Management 1, no. 1 (June 28, 2022): 39–43. http://dx.doi.org/10.53402/ajebm.v1i1.53.
Abstract:
In 2015, the scandal on Facebook and Cambridge Analytica Ltd, a British political consulting firm - subsidiary of the SCL Group, shook the international public opinion on digital privacy. The subject has attracted scholarly attention, after 87 million mostly Facebook users worldwide, had their personal information under suspicion of data misappropriation, for political influence. In spite of the Cambridge Analytica investigations conducted, a puzzling question remains: does digital privacy really exist? This article investigated the event and the role of the companies involved. Key findings point out that the sharing of personally identifiable information is a structured business model, with a vast ecosystem of providers and consumers. The article threw more light on digital privacy, and ultimately brought a full set of recommendations on data protection.
9
Olabanji, Samuel Oladiipo, Oluseun Babatunde Oladoyinbo, Christopher Uzoma Asonze, Tunbosun Oyewale Oladoyinbo, Samson Abidemi Ajayi, and Oluwaseun Oladeji Olaniyi. "Effect of Adopting AI to Explore Big Data on Personally Identifiable Information (PII) for Financial and Economic Data Transformation." Asian Journal of Economics, Business and Accounting 24, no. 4 (February 26, 2024): 106–25. http://dx.doi.org/10.9734/ajeba/2024/v24i41268.
Abstract:
The integration of Artificial Intelligence (AI) into big data analytics represents a pivotal shift in the management of Personally Identifiable Information (PII) within the financial sector. This study was prompted by the increasing reliance on AI for handling sensitive financial data and the consequent rise in data security concerns, exemplified by the 2019 Capital One data breach which compromised the PII of over 100 million individuals, highlighting the vulnerabilities inherent in digital data storage and management systems. Aiming to critically evaluate the effects of adopting AI in exploring big data on PII within the financial and economic sectors, the study focused on assessing how AI can transform data management processes, enhance data security, ensure compliance with regulatory requirements, and maintain data integrity. Employing a quantitative research methodology, data was gathered from 532 professionals in the financial sector through surveys distributed via LinkedIn. The hypotheses were tested using multiple regression analysis. The study's findings revealed that the adoption of AI in managing big data significantly enhances the security and privacy of PII in the financial sector. However, it also increases the risk of sophisticated cyber-attacks such as adversarial attacks and data poisoning. Significantly, financial institutions that integrate AI into their data management systems demonstrate higher compliance with data protection regulations, and AI-driven cybersecurity strategies were found to markedly improve the performance of cybersecurity systems in the sector. Based on these insights, the study recommends best practices and guidelines for financial institutions to effectively integrate AI into their data management systems. These include prioritizing data security and privacy, ensuring regulatory compliance, investing in AI-driven cybersecurity, and managing the inherent risks of AI integration. The study advocates for a balanced approach in AI adoption, emphasizing the need for robust security measures, continuous monitoring, and adapting to the evolving regulatory and technological landscape.
10
Georgiadou, Yola, Rolf de By, and Ourania Kounadi. "Location Privacy in the Wake of the GDPR." ISPRS International Journal of Geo-Information 8, no. 3 (March 22, 2019): 157. http://dx.doi.org/10.3390/ijgi8030157.
Abstract:
The General Data Protection Regulation (GDPR) protects the personal data of natural persons and at the same time allows the free movement of such data within the European Union (EU). Hailed as majestic by admirers and dismissed as protectionist by critics, the Regulation is expected to have a profound impact around the world, including in the African Union (AU). For European–African consortia conducting research that may affect the privacy of African citizens, the question is `how to protect personal data of data subjects while at the same time ensuring a just distribution of the benefits of a global digital ecosystem?’ We use location privacy as a point of departure, because information about an individual’s location is different from other kinds of personally identifiable information. We analyse privacy at two levels, individual and cultural. Our perspective is interdisciplinary: we draw from computer science to describe three scenarios of transformation of volunteered or observed information to inferred information about a natural person and from cultural theory to distinguish four privacy cultures emerging within the EU in the wake of GDPR. We highlight recent data protection legislation in the AU and discuss factors that may accelerate or inhibit the alignment of data protection legislation in the AU with the GDPR.
11
Ukwueze, Festus. "Strengthening the Legal Framework for Personal Data Protection in Nigeria." Nigerian Juridical Review 16 (June 28, 2022): 124–42. http://dx.doi.org/10.56284/tnjr.v16i1.16.
Abstract:
Advancement in Information Communication Technology (ICT) has brought to the fore the need for the protection of individuals’ personal data. In today’s digital age, the personal data of individuals are routinely collected and stored in databases of both private and public establishments. Such personally identifiable information can easily be analyzed with fascinating accuracy, rapidly transmitted, and put to unimaginable uses. This situation has placed the regulation of personal data collection and uses on the front burner in many nations. The weak or total absence of regulation of personal data poses serious challenges to the security of lives and property of individuals and can constitute a serious disincentive for the adoption of beneficial technology. Employing the doctrinal methodology, this article examines the legal framework for personal data protection in Nigeria with the aim of assessing the adequacy or otherwise of relevant extant regulations in protecting the personal data of Nigerians and other people doing business in Nigeria. Looking at the state of the law in some developed and developing countries, the paper notes that the current state of regulation in Nigeria is still a far cry from what obtains in most countries of the global North and some sister African countries. It, therefore, concludes that there is a compelling need for a stronger regulatory framework for data privacy in Nigeria.
12
Villarán, Carlos, and Marta Beltrán. "User-Centric Privacy for Identity Federations Based on a Recommendation System." Electronics 11, no. 8 (April 14, 2022): 1238. http://dx.doi.org/10.3390/electronics11081238.
Abstract:
Specifications such as SAML, OAuth, OpenID Connect and Mobile Connect are essential for solving identification, authentication and authorisation in contexts such as mobile apps, social networks, e-commerce, cloud computing or the Internet of Things. However, end-users relying on identity providers to access resources, applications or services lose control over the Personally Identifiable Information (PII) they share with the different providers composing identity federations. This work proposes a user-centric approach based on a recommendation system to support users in making privacy decisions such as selecting service providers or choosing their privacy settings. The proposed Privacy Advisor gives end-users privacy protection by providing personalised recommendations without compromising the identity federations’ functionalities or requiring any changes in their underlying specifications. A proof of concept of the proposed recommendation system is presented to validate and evaluate its utility and feasibility.
13
Mićović, Marko, Uroš Radenković, and Pavle Vuletić. "Network Layer Privacy Protection Using Format-Preserving Encryption." Electronics 12, no. 23 (November 27, 2023): 4800. http://dx.doi.org/10.3390/electronics12234800.
Abstract:
Format-Preserving Encryption (FPE) algorithms are symmetric cryptographic algorithms that encrypt an arbitrary-length plaintext into a ciphertext of the same size. Standardisation bodies recognised the first FPE algorithms (FEA-1, FEA-2, FF1 and FF3-1) in the last decade, and they have not been used for network layer privacy protection so far. However, their ability to encrypt arbitrary-length plaintext makes them suitable for encrypting selected packet header fields and replacing their original value with ciphertext of the same size without storing excessive information on the network element. If the encrypted fields carry personally identifiable information, it is possible to protect the privacy of the endpoints in the communication. This paper presents our research on using FPE for network layer privacy protection and describes LISPP, a lightweight, stateless network layer privacy protection system. The system was developed for programmable smart network interface cards (NIC) and thoroughly tested in a real network environment. We have created several implementations ranging from pure P4 to a mix of P4 and C implementations, exploring their performance and the suitability of target-independent P4 language for such processor-intensive applications. Finally, LISPP achieved line rate TCP throughput, up to 4.5 million packets per second, with the penalty of only 30 to 60 microseconds of additional one-way delay, proving that it is adequate for use in production networks. The most efficient implementation was with the FF3-1 algorithm developed in C and carefully adapted to the specific hardware configuration of the NIC.
14
Koo, Jahoon, Giluk Kang, and Young-Gab Kim. "Security and Privacy in Big Data Life Cycle: A Survey and Open Challenges." Sustainability 12, no. 24 (December 17, 2020): 10571. http://dx.doi.org/10.3390/su122410571.
Abstract:
The use of big data in various fields has led to a rapid increase in a wide variety of data resources, and various data analysis technologies such as standardized data mining and statistical analysis techniques are accelerating the continuous expansion of the big data market. An important characteristic of big data is that data from various sources have life cycles from collection to destruction, and new information can be derived through analysis, combination, and utilization. However, each phase of the life cycle presents data security and reliability issues, making the protection of personally identifiable information a critical objective. In particular, user tendencies can be analyzed using various big data analytics, and this information leads to the invasion of personal privacy. Therefore, this paper identifies threats and security issues that occur in the life cycle of big data by confirming the current standards developed by international standardization organizations and analyzing related studies. In addition, we divide a big data life cycle into five phases (i.e., collection, storage, analytics, utilization, and destruction), and define the security taxonomy of the big data life cycle based on the identified threats and security issues.
15
Fiaz, Faisal, Syed Muhammad Sajjad, Zafar Iqbal, Muhammad Yousaf, and Zia Muhammad. "MetaSSI: A Framework for Personal Data Protection, Enhanced Cybersecurity and Privacy in Metaverse Virtual Reality Platforms." Future Internet 16, no. 5 (May 18, 2024): 176. http://dx.doi.org/10.3390/fi16050176.
Abstract:
The Metaverse brings together components of parallel processing computing platforms, the digital development of physical systems, cutting-edge machine learning, and virtual identity to uncover a fully digitalized environment with equal properties to the real world. It possesses more rigorous requirements for connection, including safe access and data privacy, which are necessary with the advent of Metaverse technology. Traditional, centralized, and network-centered solutions fail to provide a resilient identity management solution. There are multifaceted security and privacy issues that hinder the secure adoption of this game-changing technology in contemporary cyberspace. Moreover, there is a need to dedicate efforts towards a secure-by-design Metaverse that protects the confidentiality, integrity, and privacy of the personally identifiable information (PII) of users. In this research paper, we propose a logical substitute for established centralized identity management systems in compliance with the complexity of the Metaverse. This research proposes a sustainable Self-Sovereign Identity (SSI), a fully decentralized identity management system to mitigate PII leaks and corresponding cyber threats on all multiverse platforms. The principle of the proposed framework ensures that the users are the only custodians and proprietors of their own identities. In addition, this article provides a comprehensive approach to the implementation of the SSI principles to increase interoperability and trustworthiness in the Metaverse. Finally, the proposed framework is validated using mathematical modeling and proved to be stringent and resilient against modern-day cyber attacks targeting Metaverse platforms.
16
Oluwatoyin Ajoke Fayayola, Oluwabukunmi Latifat Olorunfemi, and Philip Olaseni Shoetan. "DATA PRIVACY AND SECURITY IN IT: A REVIEW OF TECHNIQUES AND CHALLENGES." Computer Science & IT Research Journal 5, no. 3 (March 18, 2024): 606–15. http://dx.doi.org/10.51594/csitrj.v5i3.909.
Abstract:
In today's interconnected digital world, data privacy and security have emerged as paramount concerns for individuals, organizations, and governments alike. This review provides a comprehensive review of techniques and challenges surrounding data privacy and security in information technology (IT) systems. The review begins by outlining the significance of data privacy and security in IT, emphasizing the proliferation of sensitive information stored and transmitted across various digital platforms. With the exponential growth of data collection, storage, and processing, ensuring the confidentiality, integrity, and availability of data has become imperative. Next, the review delves into the techniques employed to safeguard data privacy and security in IT environments. Encryption techniques, such as symmetric and asymmetric cryptography, play a crucial role in protecting data from unauthorized access and interception. Additionally, access control mechanisms, including authentication and authorization protocols, help manage user privileges and restrict unauthorized entry into sensitive data repositories. Furthermore, anonymization and pseudonymization techniques are utilized to conceal personally identifiable information (PII) and mitigate the risk of identity theft and privacy breaches. Moreover, the review discusses the challenges associated with data privacy and security in IT ecosystems. These challenges include the evolving nature of cyber threats, such as malware, ransomware, and social engineering attacks, which constantly test the resilience of IT defenses. Additionally, compliance with regulatory frameworks, such as the General Data Protection Regulation (GDPR) and the Health Insurance Portability and Accountability Act (HIPAA), presents significant challenges for organizations striving to adhere to stringent data protection standards while maintaining operational efficiency. Furthermore, emerging technologies, such as the Internet of Things (IoT) and artificial intelligence (AI), introduce novel security risks and privacy concerns due to their interconnected nature and reliance on vast amounts of data. In conclusion, the review underscores the critical importance of continuously evaluating and enhancing data privacy and security measures in IT systems to mitigate risks, comply with regulations, and foster trust among stakeholders in an increasingly digitalized world.
Keywords: Data, Privacy, Security, IT, AI.
17
Kelly, Miriam, Eoghan Furey, and Kevin Curran. "How to Achieve Compliance with GDPR Article 17 in a Hybrid Cloud Environment." Sci 2, no. 2 (April 2, 2020): 22. http://dx.doi.org/10.3390/sci2020022.
Abstract:
On 25 May 2018, the General Data Protection Regulation (GDPR)Article 17, the Right to Erasure (‘Right to be Forgotten’) came into force making it vital for organisations to identify, locate and delete all Personally Identifiable Information (PII) where a valid request is received from a data subject to erase their PII and the contractual period has expired. This must be done without undue delay and the organisation must be able to demonstrate reasonable measures were taken. Failure to comply may incur significant fines, not to mention impact to reputation. Many organisations do not understand their data, and the complexity of a hybrid cloud infrastructure means they do not have the resources to undertake this task. The variety of available tools are quite often unsuitable as they involve restructuring so there is one centralised data repository. This research aims to demonstrate compliance with GDPR’s Article 17 Right to Erasure (‘Right to be Forgotten’) is achievable in a Hybrid cloud environment by following a list of recommendations. However, 100% retrieval, 100% of time will not be possible, but we show that small organisations running an ad-hoc Hybrid cloud environment can demonstrate that reasonable measures were taken to be Right to Erasure (‘Right to be Forgotten’) compliant.
18
Kelly, Miriam, Eoghan Furey, and Kevin Curran. "How to Achieve Compliance with GDPR Article 17 in a Hybrid Cloud Environment." Sci 3, no. 1 (January 4, 2021): 3. http://dx.doi.org/10.3390/sci3010003.
Abstract:
On 25 May 2018, the General Data Protection Regulation (GDPR) Article 17, the Right to Erasure (“Right to be Forgotten”) came into force, making it vital for organisations to identify, locate and delete all Personally Identifiable Information (PII) where a valid request is received from a data subject to erase their PII and the contractual period has expired. This must be done without undue delay and the organisation must be able to demonstrate that reasonable measures were taken. Failure to comply may incur significant fines, not to mention impact to reputation. Many organisations do not understand their data, and the complexity of a hybrid cloud infrastructure means they do not have the resources to undertake this task. The variety of available tools are quite often unsuitable as they involve restructuring so there is one centralised data repository. This research aims to demonstrate that compliance with GDPR’s Article 17 Right to Erasure (“Right to be Forgotten”) is achievable in a hybrid cloud environment by following a list of recommendations. However, full retrieval, all of the time will not be possible, but we show that small organisations running an ad-hoc hybrid cloud environment can demonstrate that reasonable measures were taken to be Right to Erasure (“Right to be Forgotten”) compliant.
19
Reyes, Irwin, Primal Wijesekera, Joel Reardon, Amit Elazari Bar On, Abbas Razaghpanah, Narseo Vallina-Rodriguez, and Serge Egelman. "“Won’t Somebody Think of the Children?” Examining COPPA Compliance at Scale." Proceedings on Privacy Enhancing Technologies 2018, no. 3 (June 1, 2018): 63–83. http://dx.doi.org/10.1515/popets-2018-0021.
Abstract:
Abstract We present a scalable dynamic analysis framework that allows for the automatic evaluation of the privacy behaviors of Android apps. We use our system to analyze mobile apps’ compliance with the Children’s Online Privacy Protection Act (COPPA), one of the few stringent privacy laws in the U.S. Based on our automated analysis of 5,855 of the most popular free children’s apps, we found that a majority are potentially in violation of COPPA, mainly due to their use of thirdparty SDKs. While many of these SDKs offer configuration options to respect COPPA by disabling tracking and behavioral advertising, our data suggest that a majority of apps either do not make use of these options or incorrectly propagate them across mediation SDKs. Worse, we observed that 19% of children’s apps collect identifiers or other personally identifiable information (PII) via SDKs whose terms of service outright prohibit their use in child-directed apps. Finally, we show that efforts by Google to limit tracking through the use of a resettable advertising ID have had little success: of the 3,454 apps that share the resettable ID with advertisers, 66% transmit other, non-resettable, persistent identifiers as well, negating any intended privacy-preserving properties of the advertising ID.
20
Sun, Yuanyi, Sencun Zhu, and Yu Chen. "ZoomP3: Privacy-Preserving Publishing of Online Video Conference Recordings." Proceedings on Privacy Enhancing Technologies 2022, no. 3 (July 2022): 630–49. http://dx.doi.org/10.56553/popets-2022-0089.
Abstract:
The COVID-19 epidemic has made online video conferencing extremely popular throughout the world, with many schools, companies and government sectors using video conferencing applications (e.g., Zoom, Google Meet) in a daily basis. These applications also provide local or cloud recording services, which allow the replay or sharing of video conference recordings (VCRs) in a later time. Such convenience, however, can easily cause infringement of privacy as meeting participants’ personally identifiable information (e.g., face, name, voice) may be exposed to the public without their awareness or consent. While privacy regulation and training can help relieve the situation, efficient and effective tools are also highly desired to protect the privacysensitive users in the VCRs before their public releases. In this work, we propose the first Privacy-Preserving Publishing system (ZoomP3 ) that automatically processes video and audio information in VCRs for privacy protection. Besides leveraging and integrating multiple state-of-the-art computer vision and audio processing tools seamlessly into our system, a number of optimization algorithms are proposed to improve the scalability of the system, enabling it to protect the privacy of long video conferences. We have conducted various tests with short and long videos, and the results (with online demos) verified that ZoomP3 system is suitable for largescale use. It may be applied as an online service, e.g., by Zoom, or by large organizations such as universities, research institutes and government sectors.
21
Shakor, Ali M. "When Wireless Technologies Faces COVID-19: via Apps using to Combat the Pandemic and Save the Economy." Tikrit Journal of Engineering Sciences 29, no. 2 (July 27, 2022): 41–50. http://dx.doi.org/10.25130/tjes.29.2.6.
Abstract:
As the number of smartphone users grows, the smartphone's function in healthcare has evolved from a device that is used to arrange doctor appointments via the internet rather than the traditional approach. Mobile apps are a convenient way to track and collect data in order to combat the spread of COVID-19. To ensure that the right to privacy and civil liberties are maintained, we report on our investigation of 50 COVID -19- related apps, including their access to and use of personally identifiable information. Reservations are made at the doctor over the Internet, and an appointment is arranged for the visit and medical examination at a certain time, resulting in a reduction in the spread of the virus, especially in pandemic conditions such as Covid-19. Additionally, this provides a service for saving data and health files in the cloud on the Internet to retrieve information when needed, and not wasting these files and health papers while providing protection for them in terms of patient privacy. Designing an application (App) functioning on IOS and Android systems which works in mobile devices easily to provide the ability to book a doctor appointment from App. The App is a link between the patient and the doctor to reduce the patient’s presence in health centers and medical facilities which are good centers for transmission of infection, especially in COVID-19. During the design of app, we have considered the low speed of data throughput especially for IRAQ.
22
Yamcharoen, P., O. S. Folorunsho, A. Bayewu, and T. P. Ojo. "Impact of Digitalizing Healthcare Business Operations on Cybersecurity Landscape." Advances in Multidisciplinary and scientific Research Journal Publication 8, no. 4 (December 30, 2022): 27–34. http://dx.doi.org/10.22624/aims/bhi/v8n4p3.
Abstract:
The technological evolution and digitalization of business operations contributed to healthcare organizations' constantly changing cybersecurity landscape. It is compulsory and mandated by the covered entities to fully comply with the industry regulatory standards, procedures, laws, and guidelines. The compliance officer must pay attention to the change in the business operations and the laws governing the organization's business operation. Developing an automated cybersecurity team that will track the change in the cybersecurity landscape of healthcare businesses as the business operations move toward digitalization and adoption of artificial intelligence-driven solutions. Adopting AI as a defensive measure requires an organization to monitor and assess the patent application landscape before deploying any AI intellectual property for its risk mitigation strategy or infrastructure protection. The security team must ensure that the usage of AI at the organization complies with the US federal and state antitrust laws. The organization's security team will implement control to identify data retention limits and regulate and permit the use of personally identifiable information within the organization. The enforcement will be via an organization's processes, functions, or approved mechanisms. The security team will implement binding techniques to strengthen the information flow enforcement process. This paper will elaborate on the binding technique that will regulate the number of users accessing the organization's resources or information. Keywords: Digitalization, Artificial Intelligence, Controls, Compliance, Rule & Regulation. Journal Reference Format: Yamcharoen P., Folorunsho O.S., Bayewu A. & Ojo T.P. (2022): Impact of Digitalizing Healthcare Business Operations on Cybersecurity Landscape. Journal of Behavioural Informatics, Digital Humanities and Development Research. Vol. 8.No. 4, Pp 27-34. Available online at https://www.isteams.net/behavioralinformaticsjournal. dx.doi.org/10.22624/AIMS/BHI/V8N4P3
23
Kollnig, Konrad, Anastasia Shuba, Reuben Binns, Max Van Kleek, and Nigel Shadbolt. "Are iPhones Really Better for Privacy? A Comparative Study of iOS and Android Apps." Proceedings on Privacy Enhancing Technologies 2022, no. 2 (March 3, 2022): 6–24. http://dx.doi.org/10.2478/popets-2022-0033.
Abstract:
Abstract While many studies have looked at privacy properties of the Android and Google Play app ecosystem, comparatively much less is known about iOS and the Apple App Store, the most widely used ecosystem in the US. At the same time, there is increasing competition around privacy between these smartphone operating system providers. In this paper, we present a study of 24k Android and iOS apps from 2020 along several dimensions relating to user privacy. We find that third-party tracking and the sharing of unique user identifiers was widespread in apps from both ecosystems, even in apps aimed at children. In the children’s category, iOS apps tended to use fewer advertising-related tracking than their Android counterparts, but could more often access children’s location. Across all studied apps, our study highlights widespread potential violations of US, EU and UK privacy law, including 1) the use of third-party tracking without user consent, 2) the lack of parental consent before sharing personally identifiable information (PII) with third-parties in children’s apps, 3) the non-data-minimising configuration of tracking libraries, 4) the sending of personal data to countries without an adequate level of data protection, and 5) the continued absence of transparency around tracking, partly due to design decisions by Apple and Google. Overall, we find that neither platform is clearly better than the other for privacy across the dimensions we studied.
24
Kuang, Lida, Samruda Pobbathi, Yuri Mansury, Matthew A. Shapiro, and Vijay K. Gurbani. "Predicting age and gender from network telemetry: Implications for privacy and impact on policy." PLOS ONE 17, no. 7 (July 21, 2022): e0271714. http://dx.doi.org/10.1371/journal.pone.0271714.
Abstract:
The systematic monitoring of private communications through the use of information technology pervades the digital age. One result of this is the potential availability of vast amount of data tracking the characteristics of mobile network users. Such data is becoming increasingly accessible for commercial use, while the accessibility of such data raises questions about the degree to which personal information can be protected. Existing regulations may require the removal of personally-identifiable information (PII) from datasets before they can be processed, but research now suggests that powerful machine learning classification methods are capable of targeting individuals for personalized marketing purposes, even in the absence of PII. This study aims to demonstrate how machine learning methods can be deployed to extract demographic characteristics. Specifically, we investigate whether key demographics—gender and age—of mobile users can be accurately identified by third parties using deep learning techniques based solely on observations of the user’s interactions within the network. Using an anonymized dataset from a Latin American country, we show the relative ease by which PII in terms of the age and gender demographics can be inferred; specifically, our neural networks model generates an estimate for gender with an accuracy rate of 67%, outperforming decision tree, random forest, and gradient boosting models by a significant margin. Neural networks achieve an even higher accuracy rate of 78% in predicting the subscriber age. These results suggest the need for a more robust regulatory framework governing the collection of personal data to safeguard users from predatory practices motivated by fraudulent intentions, prejudices, or consumer manipulation. We discuss in particular how advances in machine learning have chiseled away a number of General Data Protection Regulation (GDPR) articles designed to protect consumers from the imminent threat of privacy violations.
25
Gonzalez-Granadillo, Gustavo, Sofia Anna Menesidou, Dimitrios Papamartzivanos, Ramon Romeu, Diana Navarro-Llobet, Caxton Okoh, Sokratis Nifakos, Christos Xenakis, and Emmanouil Panaousis. "Automated Cyber and Privacy Risk Management Toolkit." Sensors 21, no. 16 (August 15, 2021): 5493. http://dx.doi.org/10.3390/s21165493.
Abstract:
Addressing cyber and privacy risks has never been more critical for organisations. While a number of risk assessment methodologies and software tools are available, it is most often the case that one must, at least, integrate them into a holistic approach that combines several appropriate risk sources as input to risk mitigation tools. In addition, cyber risk assessment primarily investigates cyber risks as the consequence of vulnerabilities and threats that threaten assets of the investigated infrastructure. In fact, cyber risk assessment is decoupled from privacy impact assessment, which aims to detect privacy-specific threats and assess the degree of compliance with data protection legislation. Furthermore, a Privacy Impact Assessment (PIA) is conducted in a proactive manner during the design phase of a system, combining processing activities and their inter-dependencies with assets, vulnerabilities, real-time threats and Personally Identifiable Information (PII) that may occur during the dynamic life-cycle of systems. In this paper, we propose a cyber and privacy risk management toolkit, called AMBIENT (Automated Cyber and Privacy Risk Management Toolkit) that addresses the above challenges by implementing and integrating three distinct software tools. AMBIENT not only assesses cyber and privacy risks in a thorough and automated manner but it also offers decision-support capabilities, to recommend optimal safeguards using the well-known repository of the Center for Internet Security (CIS) Controls. To the best of our knowledge, AMBIENT is the first toolkit in the academic literature that brings together the aforementioned capabilities. To demonstrate its use, we have created a case scenario based on information about cyber attacks we have received from a healthcare organisation, as a reference sector that faces critical cyber and privacy threats.
26
Makhija, Anil K. "Deep Learning Application – Identifying PII (Personally Identifiable Information) to Protect." Journal of Accounting, Finance, Economics, and Social Sciences 5, no. 2 (2020): 10–16. http://dx.doi.org/10.62458/jafess.160224.5(2)10-16.
Abstract:
ABSTRACT This paper presents application of deep learning and machine learning models in detecting personally identifiable information (PII) in unstructured text (emails). The proposed models use support vector machine (trained using sequential minimal optimization) and long short term memory (LSTM) artificial neural network. Synthetic email dataset has been used to train and validate the proposed models and the outcomes are measured by standard measures of accuracy, precision, recall and F1-score of each of the proposed model. The experimental results on the model that uses support vector machine (trained using sequential minimal optimization) showed most promising results on detecting the personally identifiable information in the email dataset. The LSTM model also showed equally promising results. Keywords: Personally Identifiable Information, Deep Learning in detecting PII, Machine Learning in detecting PII, Artificial Intelligence in protecting privacy, Protecting Personally Identifiable Information.
27
Bader, Michael D. M., Stephen J. Mooney, and Andrew G. Rundle. "Protecting Personally Identifiable Information When Using Online Geographic Tools for Public Health Research." American Journal of Public Health 106, no. 2 (February 2016): 206–8. http://dx.doi.org/10.2105/ajph.2015.302951.
28
Hofman, Darra, Victoria Louise Lemieux, Alysha Joo, and Danielle Alves Batista. "“The margin between the edge of the world and infinite possibility”." Records Management Journal 29, no. 1/2 (March 11, 2019): 240–57. http://dx.doi.org/10.1108/rmj-12-2018-0045.
Abstract:
Purpose This paper aims to explore a paradoxical situation, asking whether it is possible to reconcile the immutable ledger known as blockchain with the requirements of the General Data Protection Regulations (GDPR), and more broadly privacy and data protection. Design/methodology/approach This paper combines doctrinal legal research examining the GDPR’s application and scope with case studies examining blockchain solutions from an archival theoretic perspective to answer several questions, including: What risks are blockchain solutions said to impose (or mitigate) for organizations dealing with data that is subject to the GDPR? What are the relationships between the GDPR principles and the principles of archival theory? How can these two sets of principles be aligned within a particular blockchain solution? How can archival principles be applied to blockchain solutions so that they support GDPR compliance? Findings This work will offer an initial exploration of the strengths and weaknesses of blockchain solutions for GDPR compliant information governance. It will present the disjunctures between GDPR requirements and some current blockchain solution designs and implementations, as well as discussing how solutions may be designed and implemented to support compliance. Immutability of information recorded on a blockchain is a differentiating positive feature of blockchain technology from the perspective of trusted exchanges of value (e.g. cryptocurrencies) but potentially places organizations at risk of non-compliance with GDPR if personally identifiable information cannot be removed. This work will aid understanding of how blockchain solutions should be designed to ensure compliance with GDPR, which could have significant practical implications for organizations looking to leverage the strengths of blockchain technology to meet their needs and strategic goals. Research limitations/implications Some aspects of the social layer of blockchain solutions, such as law and business procedures, are also well understood. Much less well understood is the data layer, and how it serves as an interface between the social and the technical in a sociotechnical system like blockchain. In addition to a need for more research about the data/records layer of blockchains and compliance, there is a need for more information governance professionals who can provide input on this layer, both to their organizations and other stakeholders. Practical implications Managing personal data will continue to be one of the most challenging, fraught issues for information governance moving forward; given the fairly broad scope of the GDPR, many organizations, including those outside of the EU, will have to manage personal data in compliance with the GDPR. Blockchain technology could play an important role in ensuring organizations have easily auditable, tamper-resistant, tamper-evident records to meet broader organizational needs and to comply with the GDPR. Social implications Because the GDPR professes to be technology-neutral, understanding its application to novel technologies such as blockchain provides an important window into the broader context of compliance in evolving information governance spaces. Originality/value The specific question of how GDPR will apply to blockchain information governance solutions is almost entirely novel. It has significance to the design and implementation of blockchain solutions for recordkeeping. It also provides insight into how well “technology-neutral” laws and regulations actually work when confronted with novel technologies and applications. This research will build upon significant bodies of work in both law and archival science to further understand information governance and compliance as we are shifting into the new GDPR world.
29
Shin, Yong-Nyuo. "Standard Implementation for Privacy Framework and Privacy Reference Architecture for Protecting Personally Identifiable Information." International Journal of Fuzzy Logic and Intelligent Systems 11, no. 3 (September 30, 2011): 197–203. http://dx.doi.org/10.5391/ijfis.2011.11.3.197.
30
Houser, Ryan. "Private Health Information Legal Protections in Emergency Medical Services." International Journal of Paramedicine, no. 1 (November 16, 2022): 29–37. http://dx.doi.org/10.56068/jtng9057.
Abstract:
Recent communications between counsel for an Emergency Medical Service (EMS) provider in New Jersey and the state Department of Health (DOH), Office of Emergency Medical Services (OEMS) claimed that the DOH was providing illicit access to private health information (PHI) based within the providers electronic patient care report (ePCR). While the response from the DOH indicated that the information sharing was completed in accordance with all state and federal laws, the concerns raised by the law firm are not novel concerns. EMS systems are often trusted by their patients to protect their PHI that is obtained as a necessity in the course of their lifesaving operations. The collection and use of data from EMS systems nationwide is crucial to the improvement of operations, provider safety, and patient care, however there is the competing interest of protecting the privacy of patients and respecting their Constitutionally protected rights. There are important legal and policy perspectives that should guide the prospect of personally identifiable EMS data sharing to law enforcement.
31
Sodiya, Adesina S., and Adegbuyi B. "A Framework for Protecting Users' Privacy in Cloud." International Journal of Information Security and Privacy 10, no. 4 (October 2016): 33–43. http://dx.doi.org/10.4018/ijisp.2016100102.
Abstract:
Data and document privacy concerns are increasingly important in the online world. In Cloud Computing, the story is the same, as the secure processing of personal data represents a huge challenge The main focus is to to preserve and protect personally identifiable information (PII) of individuals, customers, businesses, governments and organisations. The current use of anonymization techniques is not quite efficient because of its failure to use the structure of the datasets under consideration and inability to use a metric that balances the usefulness of information with privacy preservation. In this work, an adaptive lossy decomposition algorithm was developed for preserving privacy in cloud computing. The algorithm uses the foreign key associations to determine the generalizations possible for any attribute in the database. It generates penalties for each obscured attribute when sharing and proposes an optimal decomposition of the relation. Postgraduate database of Federal University of Agriculture, Abeokuta, Nigeria and Adult database provided at the UCIrvine Machine Learning Repository were used for the evaluation. The result shows a system that could be used to improve privacy in cloud computing.
32
Bergren, Martha Dewey. "HIPAA-FERPA REVISITED." Journal of School Nursing 20, no. 2 (April 2004): 107–12. http://dx.doi.org/10.1177/10598405040200020901.
Abstract:
Since April 2003, school nurse and school health officials have been clamoring for guidance on how the Health Insurance Portability and Accountability Act (HIPAA) and the Family Education Rights Privacy Act (FERPA) interface in the school environment. This article provides an up-to-date explanation of how school health leaders are interpreting the practical implications of the federal privacy laws. With the attention and scrutiny given to personally identifiable health information in all settings, it is imperative for school nurses, school administrators, and school attorneys to revisit policies and procedures for protecting the privacy of student and family health information in schools.
33
Baker, Christina, Cynthia A. Galemore, and Kerri McGowan Lowrey. "Information Sharing in the School Setting During a Public Health Emergency." NASN School Nurse 35, no. 4 (May 15, 2020): 198–202. http://dx.doi.org/10.1177/1942602x20925031.
Abstract:
The Family Educational Rights and Privacy Act of 1974 is the federal law that protects the privacy of personally identifiable information from student education records and applies to all education entities that receive funding under any program administered by the U.S. Department of Education. The Health Insurance Portability and Accountability Act of 1996 is the federal law that establishes privacy requirements for patients’ protected health information. Together these privacy laws establish rules that guide school nurses in the sharing of student information, even in times of public health emergencies. The U.S. Department of Education and the U.S. Department of Health and Human Services have issued special updates to privacy laws in response to the Novel Coronavirus Disease providing certain waivers of typical privacy requirements and direction to allow the sharing of information during this public health emergency. The purpose of this article is to briefly review the privacy laws as they relate to schools, as well as to provide an overview of the recent waivers to assist school nurses, school administrators, healthcare professionals, and public health agencies in protecting the health and safety of students during this current public health emergency.
34
Bergren, Martha Dewey, and Kathleen Johnson. "Data Sharing." NASN School Nurse 34, no. 4 (July 2019): 211–13. http://dx.doi.org/10.1177/1942602x19852934.
Abstract:
The data life cycle starts with defining what data are needed, to collecting, storing, protecting, using, sharing, retiring, and destroying data. A May 2019 NASN School Nurse article, “Data Governance and Stewardship,” addressed who is accountable for the data life cycle within a school system. This article will discuss data sharing, the ethics, and the steps that must be taken to share data responsibly. As discussed in the previous article, policies and procedures about data sharing are available in every school district. Frequently, the guidelines pertain only to sharing personally identifiable student information and do not address the sharing of aggregated information for the purposes of needs assessments, priority setting, outcomes measurement, or for advocating for resources or policy changes at the district, state, or national level. Fortunately, guidance of sharing data and crafting data sharing agreements is provided by the Privacy Technical Assistance Center at the U.S. Department of Education. This is the sixth article in the series on data.
35
Rashid, Husain, Khan Rabia, Tyagi Rajesh, and Kumar Komakula Manoj. "Enhancing cyber security in health care industry by using ISO 27001 accreditation." i-manager's Journal on Digital Forensics & Cyber Security 1, no. 2 (2023): 26. http://dx.doi.org/10.26634/jdf.1.2.20020.
Abstract:
Healthcare Industry plays a pivotal role in every one's life and with rapid advancements in cyber-attack vectors, threat actors and their strategies it has in-need created a necessity and a challenge to the numerous organizations and to the Governments as well, to stand guard and secure the institutes and the data stored with them. To design a secure healthcare system involves several considerations to protect sensitive patient data and ensure the confidentiality, integrity, and availability of information. Lot of work has been published on cyber security along with importance of protecting the Personally Identifiable Information (PII) and patient health records stored in hospitals, and also comparisons were made between paid or licensed tools and open source; however, implementation of the tools in real time was not in place where the financial limitations are a real concern and security is a need. This paper has given insight into important parameters such as risk assessment and security policies etc.
36
Nallamolu, Sathish, and Srinivas Padmanabhuni. "A Privacy Preserving Generative Adversarial Network for Image Data." ITM Web of Conferences 53 (2023): 03004. http://dx.doi.org/10.1051/itmconf/20235303004.
Abstract:
The extensive usage of online applications and social media has raised serious concerns from the public regarding the exposure of their personal information. So, there is a strong need for data anonymization to prevent privacy breaches and leakages. The era of attacks on databases and servers is an old trend. Now, most attacks are based on earning access to users’ private data. There are techniques like k-anonymity and l-diversity to protect Personally Identifiable Information (PII) from adversaries. However, these techniques still cannot provide security from homogeneity attacks, and their application is limited to structural data only. Till now, the frameworks are only available to anonymize the human face data in image format. In this paper, we proposed a new architecture for protecting privacy-related information in images of Indian vehicle number plates. We propose an architecture for anonymizing the vehicle number plates using Wasserstein’s Generative Adversarial Network (WGAN) by retaining the original data distribution even after anonymization. Our framework guarantees that it does not store any information while processing. Our main goal is to protect personal information from the image data. After anonymization, there is no similarity between the original and generated image. Our dataset includes a wide variety of license plates from all regions of India. Our work ensures that no human or a character recognition algorithm can recognize the characters from our anonymized images.
37
Jayasuriya, D. Dulani, and Alexandra Sims. "From the abacus to enterprise resource planning: is blockchain the next big accounting tool?" Accounting, Auditing & Accountability Journal 36, no. 1 (May 6, 2022): 24–62. http://dx.doi.org/10.1108/aaaj-08-2020-4718.
Abstract:
PurposeThis study conducts a systematic review using 452 academic and industry articles from an initial set of 60,899 records obtained by 3 databases from 2012 to 2020. The authors compare and contrast blockchains with existing legacy systems. The authors identify existing regulation, accounting standards, guidelines and potential amendments in under-explored areas such as taxation, accounting treatment of crypto-assets/liabilities and detailed auditing procedures. The study aims to highlight the trends, differences and gaps between academic and industry literature. The authors provide a behavioral, social, cultural, organizational, regulatory, ethical, accountability and managerial perspectives of blockchain adoption in accounting. Finally, the study develops two adoption frameworks.Design/methodology/approachThe authors' study follows (Moher et al., 2009) and (Briner and Denyer, 2012) methodology to conduct the systematic review and the steps are mentioned below. The authors construct a final sample of 452 from a preliminary search of three multi-disciplinary databases from 2012 to 2020. First, the authors motivate the review and formulate the research questions. Second, the authors aggregate relevant literature from both industry and academia and implement quality assessments. Third, the authors analyze the literature and construct the final sample of articles. Fourth, the authors conducted textual analysis, keyword frequencies and identify gaps, trends and similarities between academic and industry literature and develop the authors' frameworksFindingsThe authors identify 3 (ABDC, B and A* ranked) journals as publishing top article numbers with the highest article count for 2017 with 96 articles in academia and 2019 for the industry with 21 articles. Second-highest publications for academia occur in 2018 with 77 followed by, whereas in the industry, publications occur in the year 2016 with 16 articles. Two co-authors appear most popular with 103 articles. Word clouds, a mind map and article theme counts are used to identify nine key research clusters: data management, financial applications, sustainability, accounting and auditing, business and industrial, education, governance, privacy/security and disruptive technology.Research limitations/implicationsSystematic reviews can have selection biases mainly due to search and selection criteria distortions when constructing the final sample of articles. The authors address selection bias by refining our search keyword combinations by using different permutations and using keywords from articles already collected. The authors employ three databases and review the reference list of articles collected to add more articles that may have been missed into our sample. In addition, to avoid inconsistent coding of domains/themes and interpretations, the authors carefully review our domain identifications and all our analysis twice independently using two research assistants to obtain the same conclusions.Practical implicationsThe authors' unique contributions include reviewing additional papers, differentiating between industry, academic articles, common trends and gaps in much scattered prior literature. The authors identify existing accounting standards, guidelines, limitations and possible amendments required in future for blockchain adoption in accounting in taxation, accounting treatment of crypto-assets/liabilities and detailed audit procedures. Blockchains are compared with legacy accounting technologies and two frameworks for adoption developed. The authors' results could impact the understanding of existing regulation, accounting standards, future amendments, areas requiring clarity and future collaborative research between academia and industry across multi-disciplines. Practical implications to academics, professional bodies, regulators and industry practitioners exist.Social implicationsThe authors' study identifies significant implications on organizations, environment, culture and society in general. The authors identify that social engagement projects may be easily initiated and implemented with decentralized accounting information systems. Transparency and efficiency would change organization culture, ways accountants and even employees interact with each other and community. Anonymity in blockchains can be used for criminal activities. Coding of negative social dynamics to smart contracts may persist. Transparency of personally identifiable information may place individuals at risk. Regulation and standards would need to identify equity, ethics in blockchains which notwithstanding energy consumption, and could enable environmental protection increasing societal sustainability.Originality/valueTo the authors' knowledge, this is the first study that compares academic and industry literature of 452 articles to identify gaps and similarities from 2012 to 2020 using three multi-disciplinary databases. The authors' study is the first study to in detail existing accounting standards, unclear areas, future amendments for International Financial Reporting Standards (IFRS) standards on taxation, financial reporting and all aspects of auditing procedures. The authors further categorize prior literature into these key areas and develop two frameworks (DAERPS and DAIS) that are linked to our review results and prior literature. The authors identify the impact of blockchain adoption on key stakeholders, regulation, society, culture, organization, accountability and ethics.
38
Mohammadzadeh , Nasibeh, Sadegh Dorri Nogoorani, and José Luis Muñoz-Tapia . "Decentralized Factoring for Self-Sovereign Identities." Electronics 10, no. 12 (June 18, 2021): 1467. http://dx.doi.org/10.3390/electronics10121467.
Abstract:
Invoice factoring is a handy tool for developing businesses that face liquidity problems. The main property that a factoring system needs to fulfill is to prevent an invoice from being factored twice. Distributed ledger technology is suitable for implementing the platform to register invoice factoring agreements and prevent double-factoring. Several works have been proposed to use this technology for invoice factoring. However, current proposals lack in one or several aspects, such as decentralization and security against corruption, protecting business and personally identifiable information (PII), providing non-repudiation for handling disputes, Know-Your-Customer (KYC) compliance, easy user on-boarding, and being cost-efficient. In this article, a factoring registration protocol is proposed for invoice factoring registration based on a public distributed ledger which adheres to the aforementioned requirements. We include a relayer in our architecture to address the entry barrier that the users have due to the need of managing cryptocurrencies for interacting with the public ledger. Moreover, we leverage the concept of Verifiable Credentials (VCs) for KYC compliance, and allow parties to implement their self-sovereign identities by using decentralized identifiers (DIDs). DIDs enable us to relay on the DIDComm protocol for asynchronous and secure off-chain communications. We analyze our protocol from several security aspects, compare it to the related work, and study a possible business use case. Our evaluations demonstrate that our proposal is secure and efficient, as well as covers requirements not addressed by existing related work.
39
Elder, Jonathan, Nicole Jacobson, Natalie Remsen, and Kim Wilmath. "Behind Enemy Lines." Journal of Information Technology Education: Discussion Cases 6 (2017): 12. http://dx.doi.org/10.28945/3928.
Abstract:
A client of a security services firm has received an email from the dark web demanding a ransom or it will start selling data it has stolen from the client. The client as asked for the firm’s assistance in paying the ransom. How should the company proceed? It was late on a Friday afternoon. The ReliaQuest Security Operations Center was busy as usual, but nothing was out of the ordinary. ReliaQuest Chief Technology Officer, Joe Partlow, was in his office working on a new technology innovation when his cell phone rang. It was the Chief Information Security Officer (CISO) for ABC Company, one of ReliaQuest’s clients–a company with millions of customers across the United States. ABC Company’s CISO had a crisis on his hands. He had just gotten word from his public relations staff that a journalist had called asking for a comment about a supposed leak of millions of customer records containing personally identifiable information (PTT) that could potentially be used to steal identities. Apparently, the data was listed “for sale” on the “dark web” portion of the Internet by an anonymous hacker. The CISO wanted ReliaQuest’s help figuring out whether the data had, in fact, been stolen. If so, who stole it, and how? And what could be done now to re-procure the data lost? The journalist had given the company a 24-hour window before he said he would post a story. There was also the question of whether the supposed data leak was legitimate at all. ABC Company’s security team had not been able to verify that any of their systems had been breached, and there seemed to be no way to inspect the supposed stolen data without purchasing it from the anonymous hacker–something the company was not comfortable doing on its own. The situation was urgent. The prospect of alleged customer data floating around the dark web was deeply troubling to the CISO and to Joe, yet he knew that finding the underlying cause of the situation could require members of the ReliaQuest team to use tactics outside the scope of work formally agreed upon by ReliaQuest and ABC Company. Joe also knew that if the breach was real, any tactics to identify and secure the data that ReliaQuest used could be subject to discovery in a criminal case. Moreover, Joe worried that if the breach was real and had somehow happened while under ReliaQuest’s watch, the incident could create a public relations crisis not only for ABC Company, but also for ReliaQuest. Joe was at a high stakes crossroad for making a decision and time was of the essence. ReliaQuest prided itself on team members’ willingness to do whatever it took to make security possible for customers. Nonetheless, Joe needed to decide: How far should ReliaQuest go to verify the breach? How would they find the underlying cause of the breach? How would they recover stolen data? And who should he consult with both within and outside of ReliaQuest to solve the problem while protecting stakeholders?
40
Герасимов, А. А., А. В. Мозговой, К. А. Пугачев, and В. А. Кузнецов. "Choosing of data protection facilities in the information systems of personally identifiable information." Engineering Journal: Science and Innovation, no. 24 (November 2013). http://dx.doi.org/10.18698/2308-6033-2013-11-1016.
41
Kumekawa, Joanne. "Health Information Privacy Protection: Crisis or Common Sense?" OJIN: The Online Journal of Issues in Nursing 6, no. 3 (September 30, 2001). http://dx.doi.org/10.3912/ojin.vol6no03man02.
Abstract:
Concerns about the protection of personally identifiable information are not unique to the health care industry; however, consumers view their medical records as more "private" than other information, such as financial data, because involuntary disclosure can affect jobs or health insurance status. This paper briefly touches upon new sweeping federal privacy standards mandated under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The article outlines who and what is covered under the new rules, considers how practitioners can approach compliance with common sense, addresses concerns related to risk management, discusses consumer health privacy issues, and notes the difficulty of evaluating these rules and regulations. The article also looks at some unique privacy issues facing telemedicine and telehealth practitioners.
42
Pfaff, Emily R., Melissa A. Haendel, Kristin Kostka, Adam Lee, Emily Niehaus, Matvey B. Palchuk, Kellie Walters, and Christopher G. Chute. "Ensuring a safe(r) harbor: Excising personally identifiable information from structured electronic health record data." Journal of Clinical and Translational Science 6, no. 1 (December 9, 2021). http://dx.doi.org/10.1017/cts.2021.880.
Abstract:
Abstract Recent findings have shown that the continued expansion of the scope and scale of data collected in electronic health records are making the protection of personally identifiable information (PII) more challenging and may inadvertently put our institutions and patients at risk if not addressed. As clinical terminologies expand to include new terms that may capture PII (e.g., Patient First Name, Patient Phone Number), institutions may start using them in clinical data capture (and in some cases, they already have). Once in use, PII-containing values associated with these terms may find their way into laboratory or observation data tables via extract-transform-load jobs intended to process structured data, putting institutions at risk of unintended disclosure. Here we aim to inform the informatics community of these findings, as well as put out a call to action for remediation by the community.
43
Choi, Min-Wook. "The Use and Protection of Personally Non- Identifiable Information in Digital Behavioral Advertising in the Age of Big Data." Indian Journal of Science and Technology 9, no. 44 (November 30, 2016). http://dx.doi.org/10.17485/ijst/2016/v9i44/105097.
44
Karabasttk, Onur mname. "The Role of Data Protection and Privacy Law in Personally Identifiable Information Driven Mergers from the EU Merger Perspective." SSRN Electronic Journal, 2017. http://dx.doi.org/10.2139/ssrn.3097125.
45
M P, Haripriya. "Cyber Security Unveiled: Trends and Protections in the Digital World." INTERANTIONAL JOURNAL OF SCIENTIFIC RESEARCH IN ENGINEERING AND MANAGEMENT 07, no. 07 (July 15, 2023). http://dx.doi.org/10.55041/ijsrem24720.
Abstract:
Cybersecurity is the practice of protecting our systems, networks, and programmes from cyber attackers and it aims to access, alter, or destroy sensitive information that affects normal processes. Cybersecurity specialists are constantly searching for new, cutting-edge strategies, where the various methods that cybercriminals can use to attack. According to the Cyber Security & Infrastructure Security Agency (CISA), “Cyber security is the art of protecting networks, devices and data from unauthorized access or criminal use and the practice of ensuring confidentiality, integrity and availability of information”. Cybersecurity protects against theft and loss of all forms of data, including sensitive data, protected health information (PHI), personally identifiable information (PII), intellectual property, personal information, data, and systems used by governments and businesses hence it is essential. One of the most important aspects of cybersecurity is End-user Protection. All software and hardware used by end users must be scanned at regular intervals as there can be malicious threats. The attackers do not fall behind as a result of the advancement of new cyber security systems. They use improved hacking methods and target the weaknesses of numerous companies worldwide. Aside from other things, many people are still very concerned about cyber security. At present cyber security faces, many challenges and this study focuses on user security for the most recent technologies that encountered difficulties. Keywords— Cyber Security, Cyber Attacks, Defects, Technologies, Hacking.
46
ANIL KUMAR et al. "AN ANALYSIS OF THE LAWS CONCERNING DIGITAL PRIVACY." Russian Law Journal 11, no. 4s (April 5, 2023). http://dx.doi.org/10.52783/rlj.v11i4s.834.
Abstract:
Both data protection and privacy are crucial components of internet governance. The Data Protection Act is a piece of legislation designed to safeguard individuals' privacy rights. One definition of privacy is the individual's right to manage and disseminate his or her own private information and data in accordance with his or her own goals and values. Numerous judicial decisions in India have elevated the right to privacy to the status of a fundamental right, and statutes have further codified the right as a legal one. The term "internet privacy" can refer to a wide range of issues and debates. The term can refer to both the rights an individual has to control their personal information and the infringements on those rights that occur when that information is transmitted over the Internet. The ever-changing nature of the internet has resulted in a never-ending slew of new privacy-related concerns and problems. Privacy protection in the digital sphere is crucial in the modern world because of the importance of safeguarding our personal information, financial data, sensitive information, online activity, and fundamental rights. To continue reaping the benefits of technological advancements without jeopardising our safety or giving up control of our personal information, it is crucial for individuals, businesses, and governments to take action to protect digital privacy. “The Personal Data Protection Bill, 2019 was introduced in the Lok Sabha on December 11, 2019, by Minister of Electronics and Information Technology Ravi Kumar”. In India, this occurred. The bill's stated goals include, first and foremost, the protection of personally identifiable information, and secondly, the creation of a Data Protection Authority to oversee that protection. This study aims to to examine views of Indian citizens regarding laws concerning digital privacy. For the sake of justification, total 240 respondents has taken through questionnaire by applying 5 point likert scale.
47
"Network Safety On Blockchain-Based Applications Across Multiple Domains." International Journal For Innovative Engineering and Management Research, December 27, 2020, 619–23. http://dx.doi.org/10.48047/ijiemr/v09/i12/104.
Abstract:
The associate surveyed making that endeavors to use blockchain for cutting edge veritable assessment of the most unimaginable constantly followed blockchain disclosure programs. Our exposures as do affiliations and structure affirmation, public-key cryptography, web social affairs, affirmation plans, and the stunning amassing of Personally Identifiable Information (PII). This sensationally organized purposeful assessment in like manner reveals understanding into future headings of studies, preparing, and rehearses in the blockchain and alliance protection space, for example, thriving of blockchain in IoT, the security of blockchain for AI authentic elements, and sidechain consistence. Blockchain has (dependably) end up being one of the most routinely intimated systems for guaranteeing about data parking spot and switch through decentralized, trustless, circumnavigated structures. The vital watchword looks through the presentation that there is a tremendous degree of papers identified with blockchain. The advances of blockchain and truly assigned decentralized structures have best been progressed for a long time and are totally still in their early phases.
48
M, Rekha, and Shoba Rani P. "Determining Intrusion Attacks Against Online Applications Using Cloud-Based Data Security." ICST Transactions on Scalable Information Systems, February 5, 2024. http://dx.doi.org/10.4108/eetsis.5028.
Abstract:
Cloud technology makes it possible for users to access information from anywhere, all the time, on any device, and that is the major cause of the many different types of assaults. In principle, multiple dangers, including data leakage, information leakage, and unauthorized information accessibility, are active in cloud environment layering. Modern technological advancements are made accessible on a daily basis through cloud technology. In the cloud, access control and encryption solutions are more complicated. Because of this greater level, security flaws in online applications and systems are more likely to occur. Somewhere at the ends of the end nodes, a malignant insider can carry out protection assaults. Nevertheless, problems with user privacy and data protection on cloud-based social networking sites continue to exist. Such problems are not known to users. On that social networking site, they post a variety of images, videos, and private information that endures even after eradication. However, some of the data that has been made public was intended to be kept private; as a result, online social information has significantly increased the risk of personally identifiable information leaking. The context of cloud technology depends on the customer capabilities such as quick storing and retrieving offered through cloud computing environments. Dependable cloud providers use a number of methodologies to deliver various digital services, creating a variety of security risks. In this paper, the study of determining intrusive cyber-attacks over the online applications using the cloud data security. Restricting access to shared resources is essential to prevent hackers from stealing vulnerabilities in cloud computing to get unauthorised access to a user's activities as well as information. Gaining access to customer information and obstructing the use of cloud computing are the primary objectives of intrusions on cloud services.
49
Herath, Suvineetha, Haywood Gelman, and Lisa McKee. "Privacy Harm and Non-Compliance from a Legal Perspective." Journal of Cybersecurity Education Research and Practice 2023, no. 2 (October 12, 2023). http://dx.doi.org/10.32727/8.2023.18.
Abstract:
In today's data-sharing paradigm, personal data has become a valuable resource that intensifies the risk of unauthorized access and data breach. Increased data mining techniques used to analyze big data have posed significant risks to data security and privacy. Consequently, data breaches are a significant threat to individual privacy. Privacy is a multifaceted concept covering many areas, including the right to access, erasure, and rectify personal data. This paper explores the legal aspects of privacy harm and how they transform into legal action. Privacy harm is the negative impact to an individual as a result of the unauthorized release, gathering, distillation, or expropriation of personal information. Privacy Enhancing Technologies (PETs) emerged as a solution to address data privacy issues and minimize the risk of privacy harm. It is essential to implement privacy enhancement mechanisms to protect Personally Identifiable Information (PII) from unlawful use or access. FIPPs (Fair Information Practice Principles), based on the 1973 Code of Fair Information Practice (CFIP), and the Organization for Economic Cooperation and Development (OECD), are a collection of widely accepted, influential US codes that agencies use when evaluating information systems, processes, programs, and activities affecting individual privacy. Regulatory compliance places a responsibility on organizations to follow best practices to ensure the protection of individual data privacy rights. This paper will focus on FIPPs, relevance to US state privacy laws, their influence on OECD, and reference to the EU General Data Processing Regulation. (GDPR).
50
De Araujo Almeida, Bethania, Denise Moraes Pimenta, and Mauricio Barreto. "Perceptions and experiences on data sharing and linkage for research and the evaluation of public health policy." International Journal of Population Data Science 7, no. 3 (August 25, 2022). http://dx.doi.org/10.23889/ijpds.v7i3.2013.
Abstract:
ObjectivesThis research seeks to understand viewpoints on the use of data containing personally identifiable information by a range of organizations for divergent purposes, focusing on the sharing and linkage of administrative data for the purposes of conducting research and evaluating public policies in Brazil.
ApproachAn exploratory approach was employed to perceive how the concepts relevant to this subject are understood, experienced and expressed by our interlocutors. A semi-structured interview technique was chosen to establish a base of scripted questions capable of building on and adapting to discussions with the participants, as well as addressing the questions that emerged during interviews. The interviewees were divided into three groups: data subjects (patients and beneficiaries of social welfare programs), researchers, and managers with experience in public policy in the areas of health and social protection. Specific scripts were elaborated for each group of respondents.
ResultsGroups and individuals are constantly balancing risks and benefits with regard to exposing and sharing their data; risks weigh more heavily depending on the individual’s socioeconomic context, which is permeated by intersectionality. The processing of personal data by the government raises more fears than actions taken by large technology companies. Individuals and social groups want to receive feedback on research carried out in their communities, and also desire to participate in the design of scientific research and the analysis of evidence used to guide public policies which directly affect them. Data governance is indispensable, requiring not only data management but also specific conditions on data sharing and linkage, principally regarding the sharing of administrative data aligned with legitimate public interests.
ConclusionRaising awareness and providing information on individual and collective rights on personal and sensitive data collection, as well as informing the public about the purposes of data sharing and linkage, is of utmost importance for responsible data management. Administrative data governance should be planned and implemented to foster trust and transparency among all involved and interested parties.